import jwt from "jsonwebtoken";
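// HMAC key used to verify incoming JWTs.
// Prefer the JWT_SECRET environment variable so the key is not tied to the
// source tree. `||` rather than `??` is deliberate: an empty value must never
// be used as a signing key.
// NOTE(review): the literal fallback only keeps behaviour unchanged when the
// variable is unset. It is committed to source and is a short keyboard-pattern
// string, so treat it as disclosed. Generate a long random secret, supply it
// through the environment to both the token issuer and this verifier, then
// delete the fallback.
const JWT_SECRET = process.env.JWT_SECRET || "qweasdzxc123456789";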

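/**
 * Express-style middleware that authenticates a request from a JWT carried in
 * the `Authorization` header.
 *
 * On success the verified token payload is stored on `req.user` and `next()`
 * is called. On failure a 401 JSON response is sent and `next()` is not called.
 *
 * @param {object} req - Request; `req.headers.authorization` is read.
 * @param {object} res - Response; `status()` and `json()` are used on failure.
 * @param {Function} next - Continuation, invoked only after successful verification.
 * @returns {*} The result of `res.json()` on failure, otherwise `undefined`.
 */
export default function auth(req, res, next) {
  const authHeader = req.headers.authorization;
  // Defensive: a non-string value would otherwise throw before any response is sent.
  if (typeof authHeader !== "string" || authHeader.length === 0) {
    return res.status(401).json({ error: "未登录" });
  }

  // Strip the scheme only when it is the leading token (scheme names are
  // case-insensitive). A header without the prefix is still passed through
  // unchanged, as before, and is accepted or rejected by signature verification.
  const token = authHeader.replace(/^Bearer\s+/i, "").trim();

  let decoded;
  try {
    // State the accepted algorithms explicitly instead of relying on the
    // library's key-type inference, so the token header cannot influence which
    // family is used. This is the HMAC set the library applies to a plain
    // string secret.
    // NOTE(review): narrow to the single algorithm the issuer signs with
    // (presumably HS256; confirm against the signing code).
    decoded = jwt.verify(token, JWT_SECRET, {
      algorithms: ["HS256", "HS384", "HS512"],
    });
  } catch (err) {
    // Every verification failure (bad signature, malformed token, expiry) gets
    // the same generic answer, so the response does not reveal which check failed.
    return res.status(401).json({ error: "登录已过期，请重新登录" });
  }

  // Attach the verified claims to the request for downstream handlers.
  req.user = decoded;
  // Called outside the try block so an exception raised by a later handler is
  // not misreported as an expired login.
  next();
}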
